Philihp Busby wrote:
One approach would be to extend the Struts ActionServlet controller.
I suggested this technique for auditing last week
<http://article.gmane.org/gmane.comp.jakarta.struts.user/125634>.
You'd probably want to override processRoles instead, which happens
right after Struts resolves the URL path to an Action, but before the
ActionForm is created, populated, and validated. No sense validating a
user's input if you know he/she won't be granted access.
I've overridden the RequestProcessor.processPreProcess() to do this sort
of thing. RequestProcessor.processPreProcess() occurs before
processMapping, so there isn't an ActionMapping yet. You can still do
URL based security mappings, or if you really want to get the Action
class, you could do so from processPreprocess via processPath and
processMapping, albeit in a redundant and sloppy fashion.
I think a filters based approach with something like Acegi is a good
solution to this problem.
-Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
